Risk Management

Risk management (also known as operational risk management or integrated risk management) is the management of granular business risks between the security governance layer and the enterprise risk management layer. Risk managers look at more operational and tactical exposures to the business that can be summarized and abstracted to inform enterprise risks. They manage areas such as vendor risk management, audit management, corporate risk and compliance, legal matters that affect risk, and even business continuity risks. This is also the bridge where cyber risks are addressed, using information to and from the security management layer.